Description of problem: Key's algorithm preferences that say SHA-256 should be used are ignored. Overriding the algorithm manually using --digest-algo works, though. Version-Release number of selected component (if applicable): gnupg-1.4.9-4.fc10.x86_64 Steps to Reproduce: (irrelevant output parts skipped) 1. Create a key: $ LC_ALL=C gpg --homedir /home/mitr/t --gen-key --default-preference-list 'sha256' Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 5 What keysize do you want? (2048) Requested keysize is 2048 bits Real name: test key 2. Verify SHA-256 is the preferred algorithm: $ LC_ALL=C gpg --homedir /home/mitr/t --edit-key 'test key' Command> showpref [ultimate] (1). test key Cipher: 3DES Digest: SHA256, SHA1 Compression: ZIP, Uncompressed Features: MDC, Keyserver no-modify 3. Sign something: $ gpg --homedir /home/mitr/t --sign ~/linux-diff 4. Look what digest type is used: $ LC_ALL=C gpg --homedir . --list-packets ~/linux-diff.gpg <snip> :signature packet: algo 1, keyid 96C762145D3D055F version 4, created 1231860524, md5len 0, sigclass 0x00 digest algo 2, begin of digest c8 2f (Per RFC 4880, algo 1 = RSA, digest algo 2 = SHA-1) 5. Specify SHA-256 explicitly: $ gpg --digest-algo sha256 --homedir /home/mitr/t --sign ~/linux-diff 6. Verify gpg can generate SHA-256 if --digest-algo is used: $ LC_ALL=C gpg --homedir . --list-packets ~/linux-diff.gpggpg: WARNING: unsafe <snip> :signature packet: algo 1, keyid 96C762145D3D055F version 4, created 1231860613, md5len 0, sigclass 0x00 digest algo 8, begin of digest 87 31 (digest algo 8 = SHA-256) Expected results: 4. shows digest algo 8. Additional info: Perhaps SHA-256 is disabled by default and I need an extra option like to enable it, but --rfc4880 doesn't work and no other option in the documentation seems relevant.
After reading the source code I now realize the key preference applies to data sent _to_ the key owner, not _by_ the key owner.